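        /// <summary>
        /// Action filter hook: when the request carries a "BasicAuth" Authorization header,
        /// verifies the ticket it contains and stores the resulting account on <c>AccountInfo</c>
        /// (the property is declared on the enclosing class) before delegating to the base implementation.
        /// A header without a ticket part is ignored rather than throwing.
        /// </summary>
        /// <param name="controllerContext">The executing action's context; supplies the request headers.</param>
        /// <param name="cancellationToken">
        /// The next delegate in the action pipeline. The name is kept for compatibility with the
        /// existing override signature; it is an <see cref="ActionExecutionDelegate"/>, not a CancellationToken.
        /// </param>
        /// <returns>The task returned by the base implementation.</returns>
        public override Task OnActionExecutionAsync(ActionExecutingContext controllerContext, ActionExecutionDelegate cancellationToken)
        {
            // Read the login ticket from the Authorization header. StringValues.ToString() never
            // returns null (missing header -> empty string), so no null check is needed.
            var authorization = controllerContext.HttpContext.Request.Headers["Authorization"].ToString();

            // Expected shape is "BasicAuth <ticket>". Checking parts.Length guards against a header
            // with no ticket part, which the previous Split(" ")[1] turned into an IndexOutOfRangeException
            // (an unhandled 500 for a malformed header). The substring match on the scheme is kept as-is
            // for compatibility; NOTE(review): a stricter check would be parts[0] == "BasicAuth".
            var parts = authorization.Split(' ');
            if (parts.Length > 1 && authorization.Contains("BasicAuth"))
            {
                var encrypt  = parts[1];
                // VerifyTicket may return null for an invalid ticket; AccountInfo is then cleared,
                // matching the original behaviour (no account attached to the request).
                var userInfo = TicketEncryption.VerifyTicket(encrypt, out string client);
                AccountInfo = userInfo;
            }
            return base.OnActionExecutionAsync(controllerContext, cancellationToken);
        }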
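        /// <summary>
        /// Authorization filter: lets already-authenticated users and actions marked with
        /// <c>[AllowAnonymous]</c> through, validates a "BasicAuth" ticket for everyone else, and
        /// short-circuits the request with 403 when the ticket has been superseded by a newer login
        /// on the same client, or with 401 when no valid ticket is present.
        /// </summary>
        /// <param name="context">The authorization filter context for the current request.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            var httpContext = context.HttpContext;

            // Already authenticated, or the action allows anonymous access: nothing to check.
            // User/Identity are null-checked so a request with no principal yields 401 below
            // instead of a NullReferenceException.
            if (httpContext.User?.Identity?.IsAuthenticated == true ||
                context.Filters.Any(item => item is IAllowAnonymousFilter))
            {
                return;
            }

            // StringValues.ToString() returns an empty string for a missing header, never null.
            var authorization = httpContext.Request.Headers["Authorization"].ToString();

            // Expected shape is "BasicAuth <ticket>". Checking parts.Length guards against a header
            // with no ticket part, which the previous Split(" ")[1] turned into an IndexOutOfRangeException
            // (an unhandled 500 instead of a 401). The substring match on the scheme is kept as-is
            // for compatibility; NOTE(review): a stricter check would be parts[0] == "BasicAuth".
            var parts = authorization.Split(' ');
            if (parts.Length > 1 && authorization.Contains("BasicAuth"))
            {
                // Ticket presented by the caller.
                var currentTicket = parts[1];
                var userInfo      = TicketEncryption.VerifyTicket(currentTicket, out string decodedClient);
                if (userInfo != null)
                {
                    // "One session per device": the stored ticket for this client differs from the one
                    // presented, meaning a newer login on the same client replaced it. The stale ticket
                    // is rejected with 403 (distinct from the 401 for an invalid ticket).
                    if (userInfo.ticket != currentTicket && userInfo.client.ToString() == decodedClient)
                    {
                        httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                        context.Result = new JsonResult("Forbidden:The current authorization has expired");
                    }
                    // Otherwise the ticket is valid and current: let the request through.
                    return;
                }
            }

            // No usable ticket: 401. The response body text is kept byte-for-byte (including its
            // existing spelling) so clients that match on it keep working.
            httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            context.Result = new JsonResult("Forbidden:Tiket Invalid");
        }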